From bbd77fa15f48fa458a84733beaecce7dd7d111f648ca1a09b775eccae3fb60a2 Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Tue, 18 Jul 2017 08:02:28 +0000
Subject: [PATCH] Accepting request 511049 from home:stroeder:branches:network
update to 3.0.15 - now with CVE ids successfully tested on Tumbleweed x86_64
OBS-URL: https://build.opensuse.org/request/show/511049
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=100
---
 freeradius-server-3.0.14.tar.bz2 | 3 ---
 freeradius-server-3.0.14.tar.bz2.sig | Bin 543 -> 0 bytes
 freeradius-server-3.0.15.tar.bz2 | 3 +++
 freeradius-server-3.0.15.tar.bz2.sig | Bin 0 -> 543 bytes
 freeradius-server.changes | 16 ++++++++++++++++
 freeradius-server.spec | 2 +-
 6 files changed, 20 insertions(+), 4 deletions(-)
 delete mode 100644 freeradius-server-3.0.14.tar.bz2
 delete mode 100644 freeradius-server-3.0.14.tar.bz2.sig
 create mode 100644 freeradius-server-3.0.15.tar.bz2
 create mode 100644 freeradius-server-3.0.15.tar.bz2.sig
diff --git a/freeradius-server-3.0.14.tar.bz2 b/freeradius-server-3.0.14.tar.bz2
deleted file mode 100644
index 6b7488e..0000000
--- a/freeradius-server-3.0.14.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2771f6ecd6c816ac4d52b66bb8ae6781ca20e1e4984c5804fc4e67de3a807c59
-size 3037721
diff --git a/freeradius-server-3.0.14.tar.bz2.sig b/freeradius-server-3.0.14.tar.bz2.sig deleted file mode 100644 index aaf344c0456527c1ad4bb139c94f3adf9c5421a89d7908e15ec5499e2e49ffd3..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-+pc6I;?2@oLTd?lG%Plb%?5B@R&%BQ7m@F@ImhEh(b zbxJq@7jOE57i@0KsO*hCk14_#U(0 z!VwjvlhZ{y8lGKZp6!Lhbz3`k*e+*k*MpLbes;#WLoLj9i*iT1ZSGoGX zb}JDaqj63F0dba$|Evo#G7?L>cc!>EEasQxSJ0XIw$3jmRPFl6 zNbCm(5$+EPXq28#vTfcg4md}Zx2wb;@|1tAV}{Xeh`*OKbsx@leYD2*XQdtMf+3EJ zV+vEa%Brr5as}oKV50VD3gVbu6c968Fb4mDIZ00!i`~nYg1(KrK(*0?_1^ZNbg-+i z%LWmk|6gQ_e<|#Yh}0^~fh2iaS?dghnh~-!%ZJkdU)pGSc=Mw1w~gTyey3dIHdr^D zd&saLX7^=62a;Z6@FET@6CxdMo9iW><4>SZKP^TTxkWilJik9n@X>smb@fJix92ww zFYRS06x>0Am%g~W%GE{&dxj?$-B&*tb+;O8_W>PRELq-J1fYp{xeyIu9;DwU*+y*6 h)IVsTPVhA1N;uwmzAhNjTvk`-z(^s9;#-Nsho(*%1X%z8 diff --git a/freeradius-server-3.0.15.tar.bz2 b/freeradius-server-3.0.15.tar.bz2 new file mode 100644 index 0000000..6c103e6 --- /dev/null +++ b/freeradius-server-3.0.15.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23267d8505e7b2909f5bdbf3938ca077c1fe122290dc969304d4f3b594f7e3ba +size 3038070 
diff --git a/freeradius-server-3.0.15.tar.bz2.sig b/freeradius-server-3.0.15.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..0437f75f96e2ccaf7824d9ef19cf003dd0f38de541be37901ea94302aa337960 GIT binary patch literal 543 zcmV+)0^t3L0vrSY0RjL91p--Yu-pI&2@oLTd?lG%Plc^m5C3~=JF``8ikGT{iJ*ir zALeN2!>;YK8jzPSNqYV`yj@{3)tV32tJb>bb{~O`+6p;=b28kORAe&oy?;S<#^V`L zU$dg28F2mJ=+An>L=8!9ViaT*(prEZCbf{ zDwqqR9^{~vBuAZ-iDT4n;M>(bl*GZ@zy`oIB_<+Ug7X7uVo`a=Ebt5f&QAs{sj0@D zOaxO$JcV)-Uz)8VDr7mK%e==jz23erbR3HB?y~!22mU?8gu#WFt)S_}e!<8vEw~7^ zLb{g#m?kE!NC|8E-R~TTw{`ikeJykGhgDNQXvPz^xjmasXp1iAtF!qE&4pZ8}W=&0A?;j`Q}Vrtf;IUV=|5`5z4L;9o*o&(nIKp^t%B0?NKum; zAixD!im^8*nrb&bq?+QHILaE&?#a*Rv}|h(bF3ZT%D9mshLUzo+Ba>`I}Nue9a5UY z-Ss=_2nq$e3lUmpIX7^@FkQi5khA$Js3Rn7C!7nchoD*0>_K<>$W88C#`|Ei9Uq`G hcnf^t=Ihw)k;Zbye-8|A*(AHWjmr6tDweuQ>}LTX2*CgV literal 0 HcmV?d00001 diff --git a/freeradius-server.changes b/freeradius-server.changes index 85e7f21..1132c99 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes 
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Jul 17 13:46:41 UTC 2017 - michael@stroeder.com
+
+- update to 3.0.15 with security fixes for
+ issues found via fuzzing by Guido Vranken
+ https://freeradius.org/security/fuzzer-2017.html
+ * CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret()
+ * CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
+ * CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax()
+ * CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
+ * CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
+ * CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
+ * CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly
+ * FR-AD-002 (v3) String lifetime issues in rlm_python
+ * FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare
+
 -------------------------------------------------------------------
 Mon May 29 12:40:52 UTC 2017 - adam.majer@suse.de
diff --git a/freeradius-server.spec b/freeradius-server.spec
index 87ad884..03369e8 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -20,7 +20,7 @@
 %define apxs2 apxs2-prefork
 %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
 Name: freeradius-server
-Version: 3.0.14
+Version: 3.0.15
 Release: 0
 %if 0%{?suse_version} > 1140